|
|
|
|
|
|
|
Crimeware-Spreading Websites Increase Rapidly in H2 2008
|
Note: Click graph to download full report
 |
- The number of crimeware-spreading sites infecting PCs with password-stealing crimeware reached an all time high of 31,173 in December, and 827% increase from January 2008.
- Unique phishing reports submitted to APWG recorded a yearly high of 34,758 in December.
- The number of unigue keyloggers and crimeware-oriented malicious applications reached an all-time high in July reaching 1,519 in July.
- Rogue anti-malware began to rise in July, skyrocketing in December to 9,287.
|
|
|
|
Check out the advice we've compiled for consumers on phishing. Visit the Resources pages for more information:
|
12 May 09: APWG Releases Global Phishing Survey: Domain Name Use and Trends in 2H2008
This study is a comprehensive analysis of the phishing that took place in the second half of 2008 (2H2008). Highlights include:
- Phishing attack and uptime statistics for all top-level domains
- How phishers targeted specific registrars and top-level domains, and change their preferences over time
- Domain name registration patterns, and use of subdomains for phishing
- Other trends pointing to anti-abuse strategies
11 May 09: APWG Opens it's third annual Counter eCrime Operations Summit
The APWG opens it Third annual Counter eCrime Operation Summit in Barcelona with a terrific turnout and robust agenda. Read deatails of the program at the link above.
20 Apr 09: APWG IPC Co-Chair Laura Mathers moderates the Protecting Consumers panel at the RSA
eFraudNetwork
The eFraoudNetwork is a day where brand owners, law enforcement, and other organizations gather to discuss best practices in fighting online
fraud. Other moderators included people from PayPal, the Department of Justice, and the Merchant Risk Council, Bank of America and Yahoo!.
APWG announces The Emergent Law Enforcement-Network Security Initiative (eLENS)
This new project endeavors to take responsibility for
helping to bridge the eCrime data-sharing gap between public law
enforcement, private network security, investigative intelligence, network
measurement and experimentation, and related policy. While the operational
lines between these entities is blurring, there is no corresponding policy
to guide and coordinate what is occurring informally and on an ad hoc basis.
The eLENS effort will initially develop and promote uniform data exchange
guidelines that address the full life cycle of information flows: discovery,
acquisition, sharing, and disclosure. This will take into account the
legality of capturing, observing, and sharing network activity, including
the proper roles of the various stakeholders, and observance of evidentiary
chain-of-custody principles to ensure resulting actions are ethically and
legally actionable. A prospectus of the project is available here.
APWG Internet Policy Committee Co-Chair Laura Mathers post a series about online fraud from the victim's perspective.
In the fraud fighting community it is easy to sometimes lose sight of what it is like to be the victim. In these post Laura attempts to raise
awareness of the frustration and helplessness (in addition to the money loss) that accompanies these crimes.
17 Mar 09: APWG Releases Second Half 2008 Phishing Trends Report
The APWG's combined report, covering phishing activity during the second half of 2008 is available on our archive page here: APWG Phishing Trends Activity Reports.
10 Mar 09: APWG Secretary General Peter Cassidy at Council of Europe
Octopus Interface Conference on Cybercrime - Strasbourg, France
Mr. Cassidy discusses the APWG's XML schema for eCrime reporting in a
presentation titled, "An eCrime Reporting Lingua Franca" at this
conference which is themed "Cooperation against Cybercrime."
3 - 5 Mar 09: APWG addresses APCERT Annual General Meeting -
Kaohsiung, Taiwan
Deputy Secretary-General Foy Shiver addresses The Asia Pacific Computer Emergency Response Teams (APCERT) with a briefing on the status
of counter e-crime efforts and programs designed to battle both crime and fraud on the internet. The annual conference provides a platform
for CERTs in Asia Pacific region to share security information and to build trust relationships.
4 Feb 09: APWT Releases new resource document "What To Do If Your Web Site Has Been Hacked by Phishers"
This document is a reference guide for any web site owner or operator who suspects, discovers, or receives notification that it's web site
is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification,
notification, containments, recovery, restoration and follow-up when an attack is suspected or confirmed.
20 - 22 Jan 09: APWG Secretary General Peter Cassidy at United Nations Office on Drugs and Crime meeting of
Core Group of Experts on Identity-Related Crime - Vienna, Austria
Mr. Cassidy discusses utility of APWG/CMU Phishing Education Landing Page program and the APWG's XML schema for
eCrime reports at the final meeting of the core experts group that studying and making
recommendations about management of identity related crimes.
16 Nov 08: APWG releases Advisary on Subdomain Registries
This advisory, "Making Waves in the Phisher’ Safest Harbors: Exposing the Dark Side of Subdomain Registries", discusses how phishers now use what we call subdomain registries to provide safe harbors for malicious and criminal activities. The advisory also discusses measures individuals and organizations can consider if they opt to make these harbors less attractive and effective to phishers.
3 Nov 08: APWG releases Global Phishing Survey: Domain Name Use and Trends in 1H2008
This study describes our analysis of a comprehensive database of phishing that took place in the first half of 2008 (1H2008), and is a follow-up to our 2007 study. Specifically, the data in this new report includes all the phishing attacks detected between January 1, 2008 and June 30, 2008, as collected by the APWG and supplemented with additional reports from several phishing feeds and private sources. The APWG phishing repository is the Internet’s most comprehensive archive of e-mail fraud and phishing activity.
2-7 Nov 08: APWG Industry Liaison Rod Rasmussen briefs ICANN constituency meetings on latest phishing threats - New Delhi, India
APWG Industry Liaison Rod Rasmussen presents updates on latest phishing threats and APWG DNSPWG initiatives to ICANN constituency groups including gTLD Registries, Business, ISP, and IP. Also provides closed-door briefing to Security and Stability Advisory Committee (SSAC) on sensitive threats to DNS infrastructure, and provides in-depth briefing on Fast-Flux Phishing as part of the open SSAC meeting.
27 Oct 08: Anti-Phishing Best Practices Recommendations for Registrars
The purpose of this document is to provide a set of recommendations to the domain registrar community that can substantially reduce the risk and impact of phishing on consumers and business worldwide. The recommendations focus on 3 areas where registrars can be of assistance: Evidence Preservation for Investigative Purposes, Proactive Fraud Screening and Phishing Domain Takedown.
8 Oct 08: FTC Warnes Consumers to Avoid Fake E-mails Tied to Bank Mergers
Consumers are warned not to take the bait. The FTC has advice about how to stay on guard against this type of scam. To learn more, see the consumer alert “Bank Failures, Mergers and Takeovers: A ‘Phish-erman’s Special,’” at http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt089.shtm.
12 Sept 08: APWG to Briefs APACS Payments Council in London, UK
APWG Chairman Dave Jevans will address the fourth annual ID Threats Seminar organised by the APACS Security Unit. The objective of this year’s event is to allow business owners, security professionals, government and law enforcement to share experiences and best practice, and to explore new opportunities for improvement.
19 Aug 08: APWG and IEEE Partner for Electronic Crime Research Conference
The APWG, a global, independent coalition combating electronic crime, and IEEE announced today that they will join forces for the development of the APWG e-Crime Researchers Summit (eCRS), the world’s only peer-reviewed technical conference dedicated exclusively to electronic crime research.
Press Release avaialable here.
21-22 Jul 08: APWG to Briefs Identity Protection Forum Hosted by the Internal Revenue Service in Washington, D.C.
Dr. Laura Mather, APWG Managing Director of Operational Policy, will address the Identity Protection Forum in Washington, D.C. hosted by the IRS. The purpose of the Forum is to unite key executives and experts in the fields of privacy and identity theft from both public and private sectors, in the domestic and international arenas, to share common experiences and successes in the protection of identity information and gain insights into trends and future developments in this area of growing interest.
16 Jul 08: FTC Issues Staff Report on Roundtable Discussion About Phishing
The Federal Trade Commission today released a staff report on a Roundtable Discussion on Phishing Education that it hosted in April. Approximately 60 experts from business, government, the technology sector, the consumer advocacy community, and academia met at the FTC to discuss strategies for outreach to consumers about avoiding phishing. The FTC’s report summarizes key themes that emerged from the Roundtable Discussion and outlines next steps for increasing anti-phishing education. The report also includes a description of workshop participants’ efforts to fight phishing attacks and educate consumers, as well as ideas for increasing effective consumer education. To read the report go to http://www.ftc.gov/reports/index.shtm.
28 May 08: SSAC post an Advisory on Registrar Impersonation Phishing Attacks
The ICANN Security and Stability Advisory Committee describes a form of phishing attack that targets domain name
registrants. In this Advisory, SSAC describes generic forms of this type of attack. We
consider types and formats of information included in legitimate email
messages that various registrars use when corresponding with customers. We
discuss how phishers manipulate these information types and formats to
create a bogus correspondence that is designed to socially engineer the
registrar¹s customer into visiting an impersonated registrar web site. The
attacker designs the impersonated web site to dupe the customer into
disclosing domain management account names and credentials. We discuss some
of the current recommended practices to minimize or prevent phishing attacks
employed by common phishing targets such as financial institutions and large
corporations. We recommend measures that registrars can take to make their
correspondences with registrants less "phishable² and identify ways for
registrants to detect and avoid falling victim to this form of phishing.
21 - 22 May 08: APWG Deputy Secretary-General Foy Shiver addresses World Cyber Security Summit 2008 - Kuala Lumpur, Malaysia
Mr. Shiver keynotes the 2008 World Cyber Security Summit (WCSS) to be held in conjunction with 16th World Congress on Information Technology 2008 in Kuala Lumpur, Malaysia. The theme of the workshop is “E-Commerce and Cybercrime” and will address issues that are affecting and challenging the sustainability of critical information infrastructures and organisations.
|
|
|
|
|
|
|
Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and
identity theft that result from phishing,pharming and email spoofing of all types.
|
|
Have You Been Phished?
Do you have a phish story you would like to share to help educate others through our Phishing Trends Report?
Send us a note with this form
|
|
|
|
click here for a full listing
|
| |
| |
| |
|
Public
APWG
eLENS - APWG
eCrime 